In the world of internet security, there are still plenty of things which need to change sooner rather than later. One of the main priorities is finding a way to eliminate botnets once and for all. Botnets are nothing new: large numbers of enslaved computers have served as gateways for criminal activity ever since the Internet gained mainstream traction. Most victims don’t even know they are part of a botnet, let alone what they can do about it.
Android users may recall a botnet known as DressCode, which was first discovered back in 2016. At that time, the malware mainly infected Android phones, opening a listening port on them which could be used to steal sensitive information. It was mainly distributed through Google Play apps, and over 400 such applications were promptly removed. One would expect that to have been the end of the DressCode botnet, but unfortunately the reality is very different.
Indeed, recent evidence shows the DressCode botnet is still active in 2018. In fact, it seems to have grown in popularity and scale, which is extremely worrying. A total of four million Android devices, mainly smartphones, may have become part of this growing botnet. It is certainly possible that Android tablets are also part of this network, although further research is needed before drawing any conclusions on this front.
DressCode’s method of attack hasn’t changed in those 16 months either. The malware still opens ports on infected devices, giving the attackers a direct connection to their victims. As a result, the assailants can infiltrate home and company networks to steal sensitive information. Additionally, this is not a weakness which only the developers of DressCode can take advantage of. The unencrypted interface used to connect to infected Android devices can be used by anyone else who knows where to look.
Submitted by: Arnfried Walbrecht